Managing security roles

A security role represents a certain level of authorization and includes the set of actions that users or groups can perform on a set of object types.

For the list of actions that users or groups can perform on the different objects, for each IBM Workload Scheduler task, see Actions on security objects.

A set of predefined security roles is available in the master domain manager database after the product has been installed:
  • A full access definition for the user who installed the product, TWS_user with the default security role assigned named FULLCONTROL.
  • An access definition for the system administrator, root on UNIX or Administrator on Windows.
You can create new security roles or manage existing security roles.

Create new role

To create a new security role from the Dynamic Workload Console, complete the following procedure:

  1. From the navigation toolbar, click Administration.
  2. In the Security select Manage Workload Security.
    The Manage Workload Security panel opens.
  3. From the drop-down list, select the IBM Workload Scheduler engine on which you want to manage security settings.
  4. In the Roles section, click Create new role.
    The Create Role panel opens.
  5. Enter the name of the security role that you are creating and, optionally, the role description.
  6. For each of the IBM Workload Scheduler tasks, assign the level of access for performing certain actions on specific object types to the security role. You can assign a predefined or a custom level of access.
  7. Click Show Details to see the permissions associated to a predefined level of access, or to define your custom level of access. Tooltips are available to explain what a certain permission means for a particular object type.
  8. Click View to see the mapping between the set of permissions that you are assigning and the corresponding set of permissions in the classic security model.
  9. Click Save to save the security role definition in the database.
  10. Click Save and Exit to save the security role definition in the database and return to the Manage Workload Security panel.

The security role has now been added to the database. If the optman enRoleBasedSecurityFileCreation global option is set to yes, the security role is activated in your security file.

Manage roles

From Manage Workload Security, you can also remove, edit, and duplicate existing roles.

  1. In the Roles section of the Manage Workload Security panel, click Manage roles.
    The list of the available security roles is displayed.
  2. Select the security roles that you want to manage.
  3. Select the action that you want to run on the selected roles.